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Please Amend the Claims as follows: 

1. (Original) A machine-readable medium having stored thereon sequences of 
instructions which, when executed by a processor, cause the processor to perform the acts of: 

disabling access to at least a first section of code in a network driver interface, wherein 
the network driver interface provides for communication between one or more media access 
control units and one or more protocol drivers in a computer system according to a set of 
bindings; 

patching the first section of code to cause the insertion of a rerouting 

driver into the one or more communication paths provided by the set of bindings; and 

re-enabling access to the patched first section of code. 

2. (Original) The machine-readable medium of claim 1 wherein the patching is static 
patching. 

3. (Original) The machine-readable medium of claim 2 wherein the static patching 
includes inserting a template jump from the network driver interface to a template in the 
rerouting driver. 

4. (Original) The machine-readable medium of claim 3 wherein the template jumps are 
inserted in the network driver interface so that a CALL instruction to the protocol driver is 
replaced with a JUMP to the template in the rerouting driver, the template containing the CALL 
instruction. 

5. (Original) The machine-readable medium of claim 2 wherein the patching the fust 
section of code creates at least one new binding between the network driver interface and the 
rerouting driver. 
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6. (Original) The machine-readable medium of claim 5 wherein the at least one new 



8- (Original) The machine-readable medium of claim 1 wherein the patching is dynamic 
patching. 

9, (Original) The machine-readable medium of claim 8 wherein the dynamic patching 
includes establishing a new binding between at least one media access control unit and dynamic 
patching code in the rerouting driver, and inserting a template jump in the network driver 
interface to a template in the rerouting driver. 

10. (Original) The machine-readable medium of claim 9 wherein the template jumps are 
inserted in the network driver interface so that a CALL instruction to the protocol driver is 
replaced with a JUMP to the template in the rerouting driver, the template containing the CALL 
instruction. 




binding provides for communication between one or more media access control units and a 
capturing unit in the rerouting driver. 



7. (Original) The machine-readable medium of claim 6 wherein the capturing unit is used 
to intercept communications over the at least one new binding* 
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1 1 . (Original) A computer implemented method comprising: 

transmitting from a remote host to a first target computer on a network an installation 
application and a rerouting driver; 



transmitting from the remote host to the first target computer a command to cause the 
first target computer to execute the installation application; 

the first target computer, responsive to receipt of the command, executing the installation 
application, wherein the first target computer includes a network driver interface that provides 
for communication between one or more media access control units and one or more protocol 
drivers according to a set of bindings; and 

the first target computer, responsive to executing the installation application, causing the 
modification of the network driver interface to insert the rerouting driver into the one or more 
communication paths provided by the set of bindings without restarting the first target computer* 

12. (Original) The computer implemented method of claim 1 1 wherein the modification 
of the network driver interface is by static patching. 

13. (Original) The computer implemented method of claim 12 wherein the static 
patching further comprises inserting template jumps from the network driver interface to 
templates in the rerouting dri ver, 

14. (Original) The computer implemented method of claim 13 wherein the template 
jumps are inserted in the network driver interface so that a CALL instruction to the protocol 
driver is replaced with a JUMP to the template in the rerouting driver, the template containing 
the CALL instruction, 

15. (Original) The computer implemented method of claim 11 wherein the modification 
of the network driver interface is by dynamic patching. 

16. (Original) The computer implemented method of claim 15 wherein the dynamic 
patching further comprises establishing a new binding between at least one media access control 
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unit and dynamic patching code in the rerouting driver, and inserting a template jump in the 
network driver interface to a template in the rerouting driver. 

17. (Original) The computer implemented method of claim 16 wherein the template 
jumps are inserted in the network driver interface so. that a CALL instruction to the protocol 
driver is replaced with a JUMP to the template in the rerouting driver, the template containing 
the CALL instruction. 



[The Remainder of this page has been left intentionally blank.] 
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18. (Original) A computer system comprising: 

a protocol driver; 

a media access control unit; 

a network driver interface to store a first binding defining a communication path 
between the protocol driver and the media access control unit, the network driver interface 
coupled to communicate packets with the media access control unit, the network driver interface 
patched to communicate the packets with a rerouting driver, and 

the rerouting driver being coupled to communicate the packets with the protocol 

driver, 

r 

19. (Original) The computer system of claim 1 8, the rerouting driver further comprising 
static patching code. 

20. (Original) The computer system of claim 18, the rerouting driver further comprising 
dynamic patching code. 

21 . (Original) The computer system of claim 18, the rerouting driver further comprising 
a capture unit to store in a buffer one or more of the packets for evaluation 

22. (Original) The computer system of claim 21, the network interface to also store a 
second binding defining a communication path between the rerouting driver and the media access 
control unit; and, the capture unit to store in the buffer the packets destined for the rerouting 
driver. 
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23. (Original) A rerouting driver for remotely installing network drivers and software in 
a computer system without restarting the computer system following installation, the computer 
system having an operating system in which a network driver interface provides communication 
of information between at least one media access control unit and at least one protocol driver on 
the computer system, the rerouting driver comprising: 

control code, for controlling the rerouting driver; 

binding code, for establishing at least one binding at the network driver interface so that 
the rerouting driver is bound to at least one media access control unit; 

patching code, for inserting template jumps into at least a first section of code in the 
network driver interface, the template jumps providing jumps to templates in the rerouting driver 
so that information from at least one media access control unit destined for at least one protocol 
driver is rerouted to the rerouting driver; 

at least one template, for receiving information from at least one template jump in the 
network driver interface; 

inserted code, for evaluating rerouted information received by the template jumps. 

24. (Original) The rerouting driver of claim 23 wherein the control code identifies a 
starting memory address of the network driver interface instruction code and disables access to 
the first section of code, and further wherein the patching code, following the disabling of access, 
operates to overwrite the first section of code and additional pre-determined memory addresses 
so that all the pre-determined memory addresses are patched. 

25. (Original) The rerouting driver of claim 23 wherein the patching code responsive to 
receipt of information being sent from the network driver interface, determines the instruction 
code address that sent the information and overwrites the first section of code at that address so 
that memory addresses are incrementally patched as information is received from the network 
driver interface. 
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26. (Original) A method for disabling and re-enabling access to code in a multiprocessor 
system having a shared memory and a network driver interface comprising: 

selecting a first section of code in a first central processing unit that is to be modified; 
writing the first section of code into the cache memory of the first central processing unit; 
overwriting a portion of the first section of code in cache memory with blocking code to 
create a first version of code; 

writing the first version of code into shared memory, 

modifying the first version of code in the cache memory to create a second version of 
code, wherein a portion of the code following the blocking code is overwritten with template 
jumps to effect a static patch of the network driver interface; 

writing the second version of code into shared memory; 

modifying the second version of code in the cache memory with code to create a third 
version of code, wherein the blocking code is overwritten to remove the blocking code; and 
writing the third version of code into shared memory. 

27. (Original) The method of claim 26 wherein the first section of code is located in the 
network driver interface, 

[The Remainder of this page has been left intentionally blank.] 
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28. (Original) A machine-readable medium having stored therein instructions, which 
when executed, cause a set of one or more processors to perform the following: 

disabling access to a first section of code, the first section of code to be executed when to 
provide a communication path between a media access control unit and an application, the first 
section of code including a generic call; and 

overwriting the first section of code with a second section of code whose execution 
causes execution flow to be rerouted to a third section of code in a rerouting driver, the second 
section of code being no larger than the first section of code, 

the third section of code, when executed, completing the communication path and 
returning execution flow, the third sectiou of code including additional code not present in the 
first section of code that is now inserted into the communication path. 

29. (Original) The machine-readable medium of claim 28 wherein the second section of 
code contains a template jump to a template in the third section of code. 
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30. (Currently Amended) A distributed packet based security system installed using a 
patchin g technique for each individual computer and enabled without shutdown or restart across 
a plurality of computers in a network that enables each of said plurality of computers to evaluate 
packets received over the network according to a predetermined standard and selectively allow 
transmission of such packets from the network to a protocol driver. 

v 

31. (Cancelled). 

32. (Original) The distributed packet based security system of claim 30, wherein each of 
the plurality computers form a shared memory buffer between a user space that stores first code 
of the distributed packet based security system and a system address space that stores the 
protocol driver and second code of the distributed packet based security system, wherein said 
second code is coupled to said shared memory to store information regarding packets received 
over the network, and wherein said first code is coupled to the shared memory buffer to evaluate 
information stored in the shared memory buffer. 

33. (Original) The distributed packet based security system of claim 30, wherein the 
install is performed remotely from a host computer on said network* 
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34. (Original) A computer system comprising: 
a plurality of networked computers each including, 

a media access control unit coupled to the physical transmission medium of the network 



to extract packets from data provided across said medium; 

a protocol driver coupled to the media access control unit; and 

filter code installed in between the media access control unit and the protocol driver and 
enabled without shutdown or restart to evaluate said packets and selectively allow continued 
transmission of different ones of said packets to the protocol driver. 

35. (Original) The computer system of claim 34, wherein the install is performed using a 
patching technique. 

36. (Original) The computer system of claim 34, wherein each of the plurality computers 
includes a shared memory buffer between a user space that stores a security application and a 
system address space that stores the media access control unit* the protocol driver, and the filter 
code, wherein said filter code is coupled to said shared memory to store information regarding 
packets received over the network, and wherein said security application is coupled to the shared 
memory buffer to evaluate information stored in the shared memory buffer. 

37. (Original) The computer system of claim 34, wherein the install is performed 
remotely from a host computer on said network. 
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38. (Original) A computer implemented method comprising: 
distributing from a remote host across a network to a plurality of 

computers code to be installed by each of said plurality of computers, each of said 
plurality of computers including routines to be executed to provide a 
communication path between a media access control unit coupled to the network 
and a protocol driver, said communication path for packets transmitted across said 
network; 

transmitting from the remote host to each of the plurality of computers a 
command to cause each of the plurality of computers to execute said code; and 

each of the plurality of computers responsive to said command 
performing, installing a driver in the communication path between the media 
access control unit and the protocol driver, said installed driver being enabled, 
without restart of said computer, to evaluate selectively allowing continued 
transmission of different ones of said packets received over said network along 
the communication path. 

39. (Original) The. method of claim 38, wherein said installing is performed using a 
patching technique. 

40. (Original) The method of claim 38, wherein each of the plurality computers 
responsive to said command also perform, forming a shared memory buffer between a system 
address space that stores the protocol driver and a user space that stores a security application, 
wherein said driver is coupled to said shared memory to store information regarding packets 
received over the network, wherein said application is coupled to the shared memory buffer to 
evaluate information stored in the shared memory buffer. 
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41. (Original) The method of claim 39 wherein said installing includes installing the 
driver in-between the network driver interface and the protocol driver. 



[The Remainder of this page has been left intentionally blank.] 



-13- 



PAGE 18/41 * RCVDAT 3/2512004 2:01:04 PM [Eastern Standard Time] * SVR:USPT0£FXRM/3 * DNIS:8729306 1 CSID:404 572 5145 4 DURATION (mm-ss):51-02 




MAR 25 2004 14:26 FR KING & SPALDING LLP 404 572 5145 TO 555 18054568 10503 P. 19/41 



42. (Original) A machine-readable medium that provides instructions, which when 
executed by a set of processors, cause said set of processors to perform operations comprising: 



distributing from a remote host across a network to a plurality of 
computers code to be installed by each of said plurality of computers, each of said 
plurality of computers including routines to be executed to provide a 
communication path between a media access control unit coupled to the network 
and a protocol driver, said communication path for packets transmitted across said 
network; 

transmitting from the remote host to each of the plurality of computers a 
command to cause each of the plurality of computers to execute said code; and 

each of the plurality of computers responsive to said command 
performing, installing a driver in the communication path between the media 
access control unit and the protocol driver, said installed driver being enabled, 
without restart of said computer, to evaluate selectively allowing continued 
transmission of different ones of said packets received over said network along 
the communication path. 



43- (Original) The machine-readable medium of claim 42, wherein said installing is 
performed using a patching technique. 
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44. (Original) The machine-readable medium of claim 42, wherein each of the plurality 
computers responsive to said command also perform, forming a shared memory buffer between a 
system address space that stores the protocol driver and a user space that stores a security 
application, wherein said driver is coupled to said shared memory to store information regarding 
packets received over the network, wherein said application is coupled to the shared memory 
buffer to evaluate information stored in the shared memory buffer. 
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45. (Currently Amended) A computer implemented method comprising: 

installing into each of a plurality of computers on a network code that is 
part of a distributed packet security system, said code being installed such that 
packets transmitted across said network to a given one of said plurality of 
computers is received by said code before being providing provided to a protocol 
driver, 

at least the first of said plurality of computers without being shutdown or 
restarted, 

receiving a packet from said network; and 

said code executing on said first computer selectively forwarding said 
packet onto the protocol driver depending upon parameters of the distributed packet base security 
system. 

46. (Original) The method of claim 45, wherein said installing is performed using a 
patching technique. 

47. (Original) The method of claim 45 t wherein said installing is performed remotely 
over said network. 
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48. (Currently Amended) A machine-readable medium that provides instructions, which 
when executed by a set of processors, cause said set of processors to perfonn operations 



installing and enabling, without shutdown or restart, on each of a plurality 
of computers on a network code that is part of a distributed packet security 



network to a given one of said plurality of computers is received by said code 
before being providing provided to a protocol driver; 

wherein said code, when executed responsive to one of said plurality of 
computers receiving a packet from said network, selectively forwards said packet 
onto the protocol driver depending upon parameters of the distributed packet base 
security system. 



49. (Original) The machine-readable medium of claim 48, wherein said installing is 
performed using a patching technique. 

50. (Original) The machine-readable medium of claim 48, wherein said installing is 
performed remotely over said network. 
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comprising: 



system, said code being installed such that packets transmitted across said 
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51. (Currently Amended) A computer implemented method comprising: 

installing into each of a plurality of computers on a network first and 
second code that is part of a distributed packet security system, said first code 
being installed in a user address space, said second code being installed in a 
system address space, said second code being installed such that packets 
transmitted across said network to a given one of said plurality of computers is 
received by said second code before being providing provided to a protocol driver 
in said system space; 

at least the first of said plurality of computers without being shutdown or 
restarted, receiving a packet from said network; 

said second code storing at least certain information from said packet into 
a shared memory buffer between the user address space and the system address 
space; and 

said first code accessing information from said shared memory buffer. 

52. (Original) The method of claim 51, wherein said installing is performed using a 
patching technique. 

53. (Original) The method of claim.51, wherein said installing is performed remotely 
over said network. 

54. (Original) The method of claim 51, wherein said second code is in a communication 
path between a network driver interface and the protocol driver. 
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55. (Currently Amended) A machine-readable medium that provides instructions, which 
when executed by a set of processors, cause said set of processors to perform operations 



installing and enabling, without shutdown or restart, on each of a plurality 
of computers on a network first and second code that is part of a distributed 



second code being installed in a system address space, said second code being 
installed such that packets transmitted across said network to a given one of said 
plurality of computers is received by said second code before being providing 
provided to a protocol driver in said system space; 

wherein said second code, when executed responsive to a first of said 
plurality of computers receiving a packet from said network, stores at least certain 
information from said packet into a shared memory buffer between the user 
address space and the system address space; and 

wherein said first code when executed by said first computer accesses said 
information from said shared memory buffer. 



56. (Original) The machine-readable medium of claim 54, wherein said installing is 
performed using a patching technique. 

57. (Original) The machine-readable medium of claim 54, wherein said installing is 
performed remotely over said network. 

58. (Original) The method of claim 55, wherein said second code is in a communication 
path between a network driver interface and the protocol driver. 




comprising: 



packet security system, said first code being installed in a user address space, said 
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